Search Results (433 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-7441 1 Ibm 2 Business Process Manager, Websphere Process Server 2025-04-12 N/A
Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and Business Process Manager Advanced 7.5 through 7.5.1.2, 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.2 does not properly use SSL for its HTTPS connection, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors.
CVE-2016-3721 2 Jenkins, Redhat 2 Jenkins, Openshift 2025-04-12 4.3 Medium
Jenkins before 2.3 and LTS before 1.651.2 might allow remote authenticated users to inject arbitrary build parameters into the build environment via environment variables.
CVE-2016-4574 3 Canonical, Gnupg, Opensuse 4 Ubuntu Linux, Libksba, Leap and 1 more 2025-04-12 N/A
Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-4356.
CVE-2015-3334 3 Debian, Google, Opensuse 3 Debian Linux, Chrome, Opensuse 2025-04-12 N/A
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.
CVE-2015-4335 3 Debian, Redhat, Redislabs 3 Debian Linux, Openstack, Redis 2025-04-12 N/A
Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to execute arbitrary Lua bytecode via the eval command.
CVE-2015-5176 1 Redhat 2 Jboss Enterprise Portal Platform, Jboss Portal 2025-04-12 N/A
The PortletRequestDispatcher in PortletBridge, as used in Red Hat JBoss Portal 6.2.0, does not properly enforce the security constraints of servlets, which allows remote attackers to gain access to resources via a request that asks to render a non-JSF resource.
CVE-2015-5229 1 Redhat 8 Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Hpc Node and 5 more 2025-04-12 N/A
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
CVE-2015-5887 1 Apple 1 Mac Os X 2025-04-12 N/A
The TLS Handshake Protocol implementation in Secure Transport in Apple OS X before 10.11 accepts a Certificate Request message within a session in which no Server Key Exchange message has been sent, which allows remote attackers to have an unspecified impact via crafted TLS data.
CVE-2015-5912 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses.
CVE-2015-5914 1 Apple 1 Mac Os X 2025-04-12 N/A
The EFI component in Apple OS X before 10.11 allows physically proximate attackers to modify firmware during the EFI update process by inserting an Apple Ethernet Thunderbolt adapter with crafted code in an Option ROM, aka a "Thunderstrike" issue. NOTE: this issue exists because of an incomplete fix for CVE-2014-4498.
CVE-2015-5915 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple OS X before 10.11 does not ensure that the keychain's lock state is displayed correctly, which has unspecified impact and attack vectors.
CVE-2015-7023 1 Apple 2 Iphone Os, Mac Os X 2025-04-12 N/A
CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not properly consider the uppercase-versus-lowercase distinction during cookie parsing, which allows remote web servers to overwrite cookies via unspecified vectors.
CVE-2015-7030 1 Apple 1 Xcode 2025-04-12 N/A
The Swift implementation in Apple Xcode before 7.1 mishandles type conversion, which has unspecified impact and attack vectors.
CVE-2015-7035 1 Apple 1 Mac Os X 2025-04-12 N/A
Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and other products, mishandles arguments, which allows attackers to reach "unused" functions via unspecified vectors.
CVE-2015-7045 1 Apple 2 Mac Os X, Tvos 2025-04-12 N/A
Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 improperly interacts with Keychain Agent, which allows attackers to spoof the Keychain Server via unspecified vectors.
CVE-2015-7192 2 Apple, Mozilla 2 Mac Os X, Firefox 2025-04-12 N/A
The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X improperly interacts with the implementation of the TABLE element, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by using an NSAccessibilityIndexAttribute value to reference a row index.
CVE-2015-7196 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a Java plugin is enabled, allow remote attackers to cause a denial of service (incorrect garbage collection and application crash) or possibly execute arbitrary code via a crafted Java applet that deallocates an in-use JavaScript wrapper.
CVE-2015-7200 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2025-04-12 N/A
The CryptoKey interface implementation in Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 lacks status checking, which allows attackers to have an unspecified impact via vectors related to a cryptographic key.
CVE-2015-7204 3 Fedoraproject, Mozilla, Opensuse 4 Fedora, Firefox, Leap and 1 more 2025-04-12 N/A
Mozilla Firefox before 43.0 does not properly store the properties of unboxed objects, which allows remote attackers to execute arbitrary code via crafted JavaScript variable assignments.
CVE-2015-7311 1 Xen 1 Xen 2025-04-12 N/A
libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly flag on disks when using the qemu-xen device model, which allows local guest users to write to a read-only disk image.